<?php

require_once dirname(dirname(__FILE__)).'/class/gtickets.php' ;
require_once dirname(dirname(__FILE__)).'/include/common_functions.php' ;

$myts =& MyTextSanitizer::getInstance() ;
$db =& Database::getInstance() ;

// THIS PAGE CAN BE CALLED ONLY FROM D3DOWNLOADS
if( $xoopsModule->getVar('dirname') != $mydirname ) die( 'this page can be called only from '.$mydirname ) ;

// PERMISSION ERROR
$module_handler =& xoops_gethandler( 'module' ) ;
$module =& $module_handler->getByDirname( $mydirname ) ;
$moduleperm_handler =& xoops_gethandler( 'groupperm' ) ;
$mid = $module->getVar('mid') ;
if( ! is_object( @$xoopsUser ) || ! $moduleperm_handler->checkRight( 'module_admin' , $mid , $xoopsUser->getGroups() ) ) {
	die( 'Only administrator can use this feature.' ) ;
}

if( is_object( $xoopsUser ) ) {
	$xoops_isuser = true ;
	$xoops_userid = $xoopsUser->getVar('uid') ;
	$xoops_uname = $xoopsUser->getVar('uname') ;
	$xoops_isadmin = $xoopsUserIsAdmin ;
} else {
	$xoops_isuser = false ;
	$xoops_userid = 0 ;
	$xoops_uname = '' ;
	$xoops_isadmin = false ;
}

// GET REQUESTID FROM $_GET
$requestid = isset( $_GET['requestid'] ) ? intval( $_GET['requestid'] ) : "";

// CATEGORY LIST
include_once dirname(dirname(__FILE__)).'/class/mytree.php' ;
$mytree = new MyTree( $db->prefix( $mydirname."_cat" ) , "cid" , "pid" ) ;
$category = array() ;
$crs = $db->query("SELECT cid, title FROM ".$db->prefix( $mydirname."_cat" )." WHERE pid='0' ORDER BY cat_weight ASC");
while( list( $id, $name ) = $db->fetchRow( $crs ) ) {
	$catid = intval( $id );
	$category[ $catid ] = $myts->makeTboxData4Show( $name ) ;
	$arr = $mytree->getChildTreeArray( $catid );
	foreach ( $arr as $child ) {
		$child_id = intval( $child['cid'] );
		$child['prefix'] = str_replace(".","--",$child['prefix']);
		$category[ $child_id ] = $child['prefix']."&nbsp;".$myts->makeTboxData4Show( $child['title'] );
	}
}
// GET PLATFORM LIST
$select_platform = array() ;
$select_platform = d3download_select_platform( $mydirname );

$formtitle = _MD_D3DOWNLOADS_SUBMIT_APPROVAL ;

// GET UNAPROVALDATA
$mod_url = XOOPS_URL.'/modules/'.$mydirname ;
$unapproval4assign = array() ;
$result = $db->query("SELECT requestid, lid, cid, title, url, filename, ext, homepage, version, size, platform, logourl, description, html, smiley, br, xcode, submitter, date, visible, cancomment, notify FROM ".$db->prefix( $mydirname."_unapproval" )."  WHERE requestid='".$requestid."'");
while( list( $id, $lid, $cid, $title, $url, $fname, $ex, $homepage, $version, $size, $platform, $logourl, $description, $html, $smiley, $br, $xcode, $submit, $date, $visible, $cancomment, $notify ) = $db->fetchRow( $result ) ) {
	$cid4assign = intval( $cid ) ;
	$modify = ! empty( $lid ) ? TRUE : FALSE ;
	$aprovalid = intval( $lid );
	$submitter = intval( $submit );
	$postname = d3download_postname( $submitter );
	if ( $submitter > 0 ) {
		$user_url = XOOPS_URL."/userinfo.php?uid=$submitter";
	} else {
		$user_url = "";
	}
	$url4assign = $myts->makeTboxData4Edit( $url ) ;
	$filename = $myts->makeTboxData4Edit( $fname ) ;
	$ext = $myts->makeTboxData4Edit( $ex ) ;
	if ( ! preg_match("/^http:\/\//", $url4assign) ) {
		if( ! file_exists( $url4assign ) ){
			$filelink = '<font color="#FF0000"><b>broken file !!</b></font>';
		} else {
			if ( ! empty( $filename ) ){
				$filelink =  '[<a href="'.$mod_url.'/index.php?page=visit_url&url='.$url4assign.'&filename='.$filename.'&ext='.$ext.'">'._MD_D3DOWNLOADS_SUBMIT_ACCESS_URL.'</a>]' ;
			} else {
				$filelink =  '[<a href="'.$mod_url.'/index.php?page=visit_url&url='.$url4assign.'">'._MD_D3DOWNLOADS_SUBMIT_ACCESS_URL.'</a>]' ;
			}
		}
	} else {
		$filelink =  '[<a href="'.$mod_url.'/index.php?page=visit_url&url='.$url4assign.'" rel="nofollow">'._MD_D3DOWNLOADS_SUBMIT_ACCESS_URL.'</a>]' ;
	}
	if( empty( $usealbum ) ){
		$logourl4assign = $myts->makeTboxData4Edit( $logourl ) ;
	} else {
		$logourl4assign = intval( $logourl ) ;
	}
	$unapproval4assign = array(
		'requestid' => intval( $id ) ,
		'lid' => $aprovalid ,
		'cid' => $cid4assign ,
		'category' => $category ,
		'title' => $myts->makeTboxData4Edit( $title ) ,
		'url' => $url4assign ,
		'filelink' => $filelink ,
		'filename' => $filename ,
		'ext' => $myts->makeTboxData4Edit( $ext ) ,
		'homepage' => $myts->makeTboxData4Edit( $homepage ) ,
		'version' => $myts->makeTboxData4Edit( $version ) ,
		'size' =>  intval( $size ) ,
		'platform' => $myts->makeTboxData4Edit( $platform ) ,
		'logourl' => $logourl4assign ,
		'description' => $myts->makeTboxData4Edit( $description ) ,
		'html' => $html ? 1 : 0 ,
		'smiley' => $smiley ? 1 : 0 ,
		'br' => $br ? 1 : 0 ,
		'xcode' => $xcode ? 1 : 0 ,
		'submitter' => $submitter ,
		'postname' => $postname ,
		'user_url' => $user_url ,
		'date' => intval( $date ) ,
		'modify' => $modify ,
		'visible' => $visible ? 1 : 0 ,
		'cancomment' => $cancomment ? 1 : 0 ,
		'notify' => $notify ? 1 : 0 ,
	) ;
}

// SCREEN SHOTS DATA
$img_ar = array();
$shots_help = '';
$canuseshots = ! empty( $xoopsModuleConfig['useshots'] ) ? 1 : 0 ;
$usealbum = d3download_can_albumselect( $mydirname ) ;
if( ! empty( $canuseshots ) ){
	$shots_dir = d3download_shots_dir( $mydirname, $cid4assign );
	$img_ar = d3download_shots_img_ar( $mydirname, $shots_dir );
	if( empty( $usealbum ) ){
		$shots_help = sprintf( _MD_D3DOWNLOADS_SUBMIT_LOGOURL_DESC , $shots_dir );
	}
}

// GET DOWNLOADDATA
$download4assign = array();
$result = $db->query("SELECT d.cid, d.title, d.url, d.filename, d.ext, d.homepage, d.version, d.size, d.platform, d.logourl, d.description, d.html, d.smiley, d.br, d.xcode, d.submitter, d.date, c.title FROM ".$db->prefix( $mydirname."_downloads" )." d LEFT JOIN ".$db->prefix( $mydirname."_cat" )." c ON d.cid=c.cid WHERE d.lid='".$aprovalid."'");
while( list( $cid, $title, $url, $filename, $ext, $homepage, $version, $size, $platform, $logourl, $description, $html, $smiley, $br, $xcode, $submitter, $date, $category ) = $db->fetchRow( $result ) ) {
	$cid4assign = intval( $cid ) ;
	$url4assign = $myts->makeTboxData4Show( $url ) ;
	$title4assign = $myts->makeTboxData4Show( $title ) ;
	$filename = $myts->makeTboxData4Show( $filename ) ;
	$ext = $myts->makeTboxData4Show( $ext ) ;
	if ( ! preg_match("/^http:\/\//", $url) ) {
		if ( ! empty( $filename ) ){
			$filelink =  '<a href="'.$mod_url.'/index.php?page=visit_url&url='.$url4assign.'&filename='.$filename.'&ext='.$ext.'">' ;
		} else {
			$filelink =  '<a href="'.$mod_url.'/index.php?page=visit_url&url='.$url4assign.'">' ;
		}
	} else {
		$filelink =  '<a href="'.$mod_url.'/index.php?page=visit_url&url='.$url4assign.'" rel="nofollow">' ;
	}
	if( empty( $usealbum ) ){
		$logourl4assign = $myts->makeTboxData4Edit( $logourl ) ;
	} else {
		$logourl4assign = intval( $logourl ) ;
	}
	$shots_link = d3download_shots_link( $mydirname, $cid4assign, $url4assign, $filelink, $logourl4assign ) ;
	$submitter =  intval( $submitter ) ;
	if ( strstr ( $description , '[pagebreak]' ) ){
		$body = str_replace( '[pagebreak]','', $description  ) ;
	} else {
		$body = $description ;
	}
	$body4assign = $myts->displayTarea( $body, intval( $html ), intval( $smiley ), intval( $xcode ), 1, intval( $br ) ) ;
	$download4assign = array(
		'cid' => $cid4assign ,
		'category' => $category ,
		'title' => $title4assign ,
		'url' => $url4assign ,
		'filelink' => $filelink ,
		'homepage' => $myts->makeTboxData4Show( $homepage ) ,
		'version' => $myts->makeTboxData4Show( $version ) ,
		'size' =>  intval( $size ) ,
		'platform' => $myts->makeTboxData4Show( $platform ) ,
		'logourl' => $logourl4assign ,
		'description' => $body4assign ,
		'submitter' =>  $submitter ,
		'updated' => formatTimestamp(intval( $date ),'s') ,
		'date' => intval( $date ) ,
		'shots' => $shots_link ,
	) ;
}

// TRANSACTION PART

if( isset( $_POST['unapproval_post'] ) ) {
	if ( ! $xoopsGTicket->check( true , 'd3downloads' ) ) {
		redirect_header(XOOPS_URL.'/modules/'.$mydirname.'/admin/index.php',3,$xoopsGTicket->getErrors());
	}

	$edit_id = isset( $_POST['requestid'] ) ? intval( @$_POST['requestid'] ) : "" ;
	$cid = isset( $_POST['cid'] ) ? intval( @$_POST['cid'] ) : "" ;
	$title  = isset( $_POST['title'] )  ? $myts->makeTboxData4Save( @$_POST['title'] ) : "" ;
	$url  = isset( $_POST['url'] )  ? $myts->makeTboxData4Save( @$_POST['url'] ) : "" ;
	$filename  = isset( $_POST['filename'] )  ? $myts->makeTboxData4Save( @$_POST['filename'] ) : "" ;
	$ext  = isset( $_POST['ext'] )  ? $myts->makeTboxData4Save( @$_POST['ext'] ) : "" ;
	$homepage = isset( $_POST['homepage'] ) ? $myts->makeTboxData4Save( @$_POST['homepage'] ) : "" ;
	$version = isset( $_POST['version'] ) ? $myts->makeTboxData4Save( @$_POST['version'] ) : "" ;
	$size = isset( $_POST['size'] ) ?  intval( @$_POST['size'] ) : "" ;
	$platform = isset( $_POST['platform'] ) ?  $myts->makeTboxData4Save( @$_POST['platform'] ) : "" ;
	if( empty( $usealbum ) ){
		$logourl = isset( $_POST['logourl'] ) ?  $myts->makeTboxData4Save( @$_POST['logourl'] )  : "" ;
	} else {
		$logourl = isset( $_POST['logourl'] ) ?  intval( @$_POST['logourl'] )  : "" ;
	}
	$description = isset( $_POST['description'] ) ?  $myts->makeTboxData4Save( @$_POST['description'] ) : "" ;
	$html = isset( $_POST['html'] ) ? 1 : 0 ;
	$smiley = isset( $_POST['smiley'] ) ? 1 : 0 ;
	$br = isset( $_POST['br'] ) ? 1 : 0 ;
	$xcode = isset( $_POST['xcode'] ) ? 1 : 0 ;
	$submitter =  isset( $_POST['submitter'] ) ? intval( @$_POST['submitter'] ) : "" ;
	$date =  isset( $_POST['date'] ) ? intval( @$_POST['date'] ) : "" ;
	$visible = isset( $_POST['visible'] ) ? 1 : 0 ;
	$cancomment = isset( $_POST['comment'] ) ? 1 : 0 ;
	$notify = isset( $_POST['notify'] ) ? intval( @$_POST['notify'] ) : "" ;
	$modify = isset( $_POST['modify'] ) ? intval( @$_POST['modify'] ) : "" ;
	$lid = isset( $_POST['lid'] ) ? intval( @$_POST['lid'] ) : "" ;
	$postname = d3download_postname( $submitter );

	// ERORR INITIALIZATION
	$errors = '';

	// NO Data
	if( ! $title || ! $url || ! $description ){
		redirect_header( XOOPS_URL."/modules/$mydirname/admin/index.php?page=approvalmanager", 2, _MD_D3DOWNLOADS_NO_DATA);
	}
	// MAKE LINK SQL
	if( ! empty( $edit_id ) && empty($modify) && empty($lid) ) {
		list( $new_lid ) = $db->fetchRow( $db->query( "SELECT MAX( lid ) + 1 FROM ".$db->prefix( $mydirname."_downloads" ) ) ) ;
		$sql  = "INSERT INTO ".$db->prefix( $mydirname."_downloads" )." ( lid, cid, title, url, filename, ext, homepage, version, size, platform, logourl, description, html, smiley, br, xcode, submitter, date, visible, cancomment ) ";
		$sql .= "VALUES( '".$new_lid."', '".$cid."','".$title."', '".$url."', '".$filename."', '".$ext."', '".$homepage."', '".$version."', '".$size."', '".$platform."', '".$logourl."', '".$description."', '".$html."', '".$smiley."', '".$br."', '".$xcode."', '".$submitter."', '".$date."', '".$visible."', '".$cancomment."' )"; 
		$result = $db->query( $sql );
		$newid = $db->getInsertId();
		if( ! $result ) $errors[] = $edit_id ;
		// categories query
		$sql = "SELECT cid, pid, title FROM ".$db->prefix($mydirname."_cat")."" ;
		$crs = $db->query( $sql ) ;
		if( $crs ) while( $cat_row = $db->fetchArray( $crs ) ) {
			$ctitle = $myts->makeTboxData4Show( $cat_row['title'] ) ;
		}
		// Define tags for notification message
		$tags = array();
		$tags = array(
			'POSTER_UNAME' => $postname ,
			'POST_TITLE' => $title ,
			'POST_BODY' => $description ,
			'POST_URL' => XOOPS_URL . '/modules/' . $mydirname . '/index.php?page=singlefile&cid=' . $cid . '&lid=' . $newid,
			'CAT_TITLE' => $ctitle ,
			'CAT_URL' => XOOPS_URL . '/modules/' . $mydirname . '/index.php?cid=' . $cid ,
		) ;
		d3download_main_trigger_event( 'global' , 0 , 'newpost' , $tags, 0 ) ;
		d3download_main_trigger_event( 'category' , $cid , 'newpost' , $tags, 0 ) ;
		d3download_main_trigger_event( 'category' , $cid , 'newpostfull' , $tags, 0 ) ;
		if( ! empty( $notify ) ){
			d3download_main_trigger_event( 'global' , $edit_id , 'approve' , $tags, 0 ) ;
		}
	} elseif( ! empty( $edit_id ) && ! empty($modify) && ! empty($lid) ) {
		// UPDATE SQL
		$sql = "SELECT COUNT(*) FROM ".$db->prefix( $mydirname."_downloads" )." WHERE lid='".$lid."'";
		list( $count ) = $db->fetchRow( $db->query( $sql) );
		if( $count > 0 ){
			if( isset( $_POST['dateoption'] ) ){
				$sql = "UPDATE ".$db->prefix($mydirname."_downloads")." SET lid = '".$lid."', cid = '".$cid."', title = '".$title."', url = '".$url."', filename = '".$filename."', ext = '".$ext."', homepage = '".$homepage."', version = '".$version."', size = '".$size."', platform = '".$platform."', logourl = '".$logourl."', description = '".$description."', html = '".$html."', smiley = '".$smiley."', br = '".$br."', xcode = '".$xcode."', submitter = '".$submitter."', visible = '".$visible."', cancomment = '".$cancomment."' WHERE lid = ".$lid;
			} else {
				$sql = "UPDATE ".$db->prefix($mydirname."_downloads")." SET lid = '".$lid."', cid = '".$cid."', title = '".$title."', url = '".$url."', filename = '".$filename."', ext = '".$ext."', homepage = '".$homepage."', version = '".$version."', size = '".$size."', platform = '".$platform."', logourl = '".$logourl."', description = '".$description."', html = '".$html."', smiley = '".$smiley."', br = '".$br."', xcode = '".$xcode."', submitter = '".$submitter."', date = '".$date."', visible = '".$visible."', cancomment = '".$cancomment."' WHERE lid = ".$lid;
			}
			$result = $db->query($sql);
			if( ! $result ) $errors[] = $lid ;
			list( $new_historyid ) = $db->fetchRow( $db->query( "SELECT MAX( id ) + 1 FROM ".$db->prefix( $mydirname."_downloads_history" ) ) ) ;
			$sql  = "INSERT INTO ".$db->prefix( $mydirname."_downloads_history" )." ( id, lid, cid, title, url, description, date ) ";
			$sql .= "VALUES( '".$new_historyid."', '".$lid."', '".$cid."','".$title."', '".$url."', '".$description."', '".$date."' )"; 
			$result = $db->query($sql);
			d3download_delete_history( $mydirname, $lid );
			if( ! empty( $notify ) ){
				// Define tags for notification message
				$tags = array();
				$tags = array(
					'POST_TITLE' => $title ,
					'POST_URL' => XOOPS_URL . '/modules/' . $mydirname . '/index.php?page=singlefile&cid=' . $cid . '&lid=' . $lid,
				) ;
				d3download_main_trigger_event( 'global' , $lid , 'approve' , $tags, 0 ) ;
			}
		}
	}
	$sql = "SELECT COUNT(*) FROM ".$db->prefix($mydirname."_unapproval")." WHERE requestid='".$edit_id."'";
	list( $count ) = $db->fetchRow( $db->query($sql) );
	if( $count > 0 ){
		$sql = "DELETE FROM ".$db->prefix($mydirname."_unapproval")." WHERE requestid = ".$edit_id;
		$result = $db->query($sql);
		if( ! $result ) $errors[] = $edit_id ;
	}
	redirect_header( XOOPS_URL."/modules/$mydirname/admin/index.php?page=approvalmanager" , 2 , $errors ? sprintf( _MD_D3DOWNLOADS_ERROR_MESSEAGE , implode( ',' , $errors ) ) : _MD_D3DOWNLOADS_SUBMIT_APPROVED ) ;
	exit();
}

// DELETE SQL
if( isset( $_POST['approvalform_delete'] )) {
	$errors = '';
	$delete_requestid = isset( $_POST['requestid'] ) ? intval( @$_POST['requestid'] ) : "" ;

	if ( ! $xoopsGTicket->check( true , 'd3downloads' ) ) {
		redirect_header(XOOPS_URL.'/modules/'.$mydirname.'/admin/index.php',3,$xoopsGTicket->getErrors());
	}

	$sql = "SELECT COUNT(*) FROM ".$db->prefix($mydirname."_unapproval")." WHERE requestid='".$delete_requestid."'";
	list( $count ) = $db->fetchRow( $db->query($sql) );
	if( $count > 0 ){
		$sql = "DELETE FROM ".$db->prefix($mydirname."_unapproval")." WHERE requestid = ".$delete_requestid;
		$result = $db->query($sql);
		if( ! $result ) $errors[] = $delete_requestid ;
		redirect_header( XOOPS_URL."/modules/$mydirname/admin/index.php?page=approvalmanager" , 2 , $errors ? sprintf( _MD_D3DOWNLOADS_ERROR_MESSEAGE , implode( ',' , $errors ) ) : _MD_D3DOWNLOADS_DELETED ) ;
		exit();
	} else {
		redirect_header( XOOPS_URL."/modules/$mydirname/admin/index.php?page=approvalmanager&amp;requestid=".$delete_requestid, 2, _MD_D3DOWNLOADS_NONDELETED);
		exit();
	}
}

// display stage
xoops_cp_header();
include dirname(__FILE__).'/mymenu.php' ;
require_once XOOPS_ROOT_PATH.'/class/template.php' ;
$tpl =& new XoopsTpl() ;
$tpl->assign( array(
	'mydirname' => $mydirname ,
	'mod_url' => $mod_url ,
	'page' => 'approval' ,
	'unapproval' => $unapproval4assign ,
	'down' => $download4assign ,
	'canuseshots' => $canuseshots ,
	'select_platform' => $select_platform ,
	'downimg' => $img_ar ,
	'shots_help' => $shots_help ,
	'formtitle' => $formtitle ,
	'xoops_isuser' => $xoops_isuser ,
	'xoops_userid' => $xoops_userid ,
	'xoops_uname' => $xoops_uname ,
	'xoops_isadmin' => $xoops_isadmin ,
	'xoops_config' => $xoopsConfig ,
	'mod_config' => $xoopsModuleConfig ,
	'gticket_hidden' => $xoopsGTicket->getTicketHtml( __LINE__ , 1800 , 'd3downloads') ,
) ) ;
$tpl->display( 'db:'.$mydirname.'_admin_approval.html' ) ;
xoops_cp_footer();

?>